<?php
session_start();
// include('resist.php');
?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php

include('connect.php');
$mk1 = $_POST['txtMK1'];
$mk2 = $_POST['txtMK2'];
$tk = $_SESSION['taikhoan'];
$mkmh = md5($mk1);

if ($mk1 == $mk2)
{
	$queryChgPass = "update `tai khoan` set password = '$mkmh' where username = '$tk'";
	mysql_query($queryChgPass, $db) or die("Không thể cập nhật!".mysql_error());
	
	$query = "select ma_quyen from `tai khoan` where username = '$tk'";
	$result = mysql_query($query, $db) or die("Error".mysql_error());
	$row = mysql_fetch_array($result);
	
	switch ($row['ma_quyen'])
	{
		case 'AD':
			// header("Location: ad-trangchu.php");
			$location = "ad-trangchu.php";
			break;
		case 'SV':
			// header("Location: sv-trangchu.php");
			$location = "sv-trangchu.php";
			break;
		case 'GV':
			// header("Location: gv-trangchu.php");
			$location = "gv-trangchu.php";
			break;
		case 'CNK':
			// header("Location: cnk-trangchu.php");
			$location = "cnk-trangchu.php";
			break;
		case 'DBCL':
			// header("Location: dbcl-trangchu.php");
			$location = "dbcl-trangchu.php";
			break;
	}
	echo '<script language="javascript">
			alert("Đổi mật khẩu thành công!");
			window.location = "'.$location.'";
		</script>';
	
}
else
{
	include('conn_close.php');
	header("Location: frmDoiMK.php?error=umpass");
}

?>